Date: Tue, 2 Jul 2013 11:14:40 +0200
From: Marcus Meissner <>
To: OSS Security List <>
Subject: CVE Request: kernel: ipv6: using ipv4 vs ipv6 structure during
	routing lookup in sendmsg


Also fresh in the mainline kernel and spotted by trinity:

commit a963a37d384d71ad43b3e9e79d68d42fbe0901f3
Author: Eric Dumazet <>
Date:   Wed Jun 26 04:15:07 2013 -0700

    ipv6: ip6_sk_dst_check() must not assume ipv6 dst

    It's possible to use AF_INET6 sockets and to connect to an IPv4
    destination. After this, socket dst cache is a pointer to a rtable,
    not rt6_info.

    ip6_sk_dst_check() should check the socket dst cache is IPv6, or else
    various corruptions/crashes can happen.

    Dave Jones can reproduce immediate crash with
    trinity -q -l off -n -c sendmsg -c connect

    With help from Hannes Frederic Sowa

    Reported-by: Dave Jones <>
    Reported-by: Hannes Frederic Sowa <>
    Signed-off-by: Eric Dumazet <>
    Acked-by: Hannes Frederic Sowa <>
    Signed-off-by: David S. Miller <>

Can be triggered by non-root users according to Eric, so needs a CVE.

Ciao, Marcus
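
The type confusion the commit message describes, shown as an added example that is not part of the original post or of the kernel patch. It is a simplified user-space model: every `model_*` name and struct layout is an assumption, and the address family is stored directly in the shared dst header.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>              /* AF_INET, AF_INET6 */

/* Simplified user-space stand-ins (assumed names), not kernel definitions. */
struct model_dst { unsigned short family; };   /* header shared by both route types */
struct model_rtable {                          /* IPv4 route */
    struct model_dst dst;
    uint32_t gateway4;
};
struct model_rt6_info {                        /* IPv6 route, larger layout */
    struct model_dst dst;
    uint8_t  dst_addr[16];
    uint32_t flags;
};
struct model_sock { struct model_dst *dst_cache; };

/* Returns 1 if the IPv6 'flags' field lies past the end of the IPv4 struct,
 * i.e. an unchecked cast of a cached IPv4 route would touch foreign memory. */
int model_flags_out_of_bounds(void)
{
    return offsetof(struct model_rt6_info, flags) >= sizeof(struct model_rtable);
}

/* Checked accessor: hand out an IPv6 route only when the cached entry is
 * tagged AF_INET6; otherwise drop the entry so the caller does a new lookup. */
struct model_rt6_info *model_sk_dst_check(struct model_sock *sk)
{
    struct model_dst *dst = sk->dst_cache;

    if (dst == NULL)
        return NULL;
    if (dst->family != AF_INET6) {
        sk->dst_cache = NULL;
        return NULL;
    }
    return (struct model_rt6_info *)dst;       /* dst is the first member */
}

int main(void)
{
    struct model_rtable r4 = { { AF_INET }, 0 };   /* constructed sample route */
    struct model_sock sk = { &r4.dst };            /* cache left by an IPv4 connect */

    printf("flags outside rtable: %d\n", model_flags_out_of_bounds());
    printf("IPv4 entry rejected: %d\n", model_sk_dst_check(&sk) == NULL);
    return 0;
}
```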
